# Postgresus 2.0: Key Updates for Automated PostgreSQL Backups
Postgresus 2.0 boosts the capabilities of this open source PostgreSQL backup tool. In just six months, the project has racked up 246 commits, 2.7k stars on GitHub, and 40k downloads from Docker Hub. New features include database health checks, expanded storage and notification options, project management with roles, multi-level encryption, optimized compression, and a Helm chart for Kubernetes. Ditching incremental backups has streamlined the architecture.
The tool deploys via Docker, docker-compose, or Helm, and supports both self-hosted and managed PostgreSQL. The main focus is automating scheduled backups with notifications and storage in various backends.
Database Availability Checks
The new feature monitors connection status to databases. Postgresus periodically checks availability, displays metrics in the UI, and sends notifications during downtimes. You can disable checks or configure the interval.
When a database is unavailable, it generates an alert via your chosen channel: Telegram, Slack, Discord, MS Teams, SMTP, or webhook. This lets you respond to outages quickly without extra monitoring tools.
Expanded Storage and Notifications
Storage support has grown: added CloudFlare R2, Google Drive, Azure Blob Storage, and NAS alongside local disk and S3. FTP, SFTP, and NFS are planned.
Notifications now integrate with Slack, Discord, MS Teams, and custom webhooks. Webhooks offer flexible setup for any platform.
- Storage: S3, R2, Google Drive, Azure Blob, NAS, local.
- Notifications: Slack, Discord, Telegram, MS Teams, SMTP, webhook.
Project Management and RBAC
Project hierarchy has been introduced for segmenting databases. Admins create projects and assign users roles:
- Read-only: view backup history, download files.
- Edit: add/remove/change databases + read-only permissions.
Audit logs record all actions: deleting databases, downloading backups, changing settings. This is essential for DBA, DevOps teams, and outsourced developers handling data from multiple clients.
Projects enable isolation of:
- Client A's databases.
- Company B's internal databases.
- Team C's test environments.
Multi-Level Encryption and Security
Security has been overhauled for enterprise use cases. Protection across three levels:
Secrets Encryption
Database passwords, storage tokens, and notification credentials are encrypted with AES-256-GCM. The key is stored in a separate file outside the Postgresus database. Decryption happens on-demand during use.
Backup Encryption
pg_dump files are encrypted on the fly with salt and IV (AES-256-GCM). Enabled by default but can be disabled. Protects against leaks even in public S3 buckets.
Read-Only Users
When adding a database with write permissions, Postgresus suggests creating a read-only role. This automates best practices and minimizes data corruption risks in case of compromise.
Compression Optimization and Performance
zstd level 5 by default for PostgreSQL 16+ (gzip for PG 12+). Benchmarks across 21 scenarios show the optimal speed/size balance: ~8x compression, 2x space savings at the same speed vs. gzip 5.
Dropping incremental backups and PITR simplified the logic, focusing on full dumps.
Kubernetes Deployment and UI Improvements
Added a Helm chart for native k8s installs. Three contributors collaborated on it.
The UI now features a dark theme (as requested by the community). UX enhancements target mid/senior users: dashboards with metrics, one-click settings.
What's Not Implemented
- Full database resource monitoring (CPU, I/O).
- Built-in SQL console.
These features are deferred, with focus on core functionality: backups + security.
Key Highlights
- Multi-level encryption: AES-256-GCM for secrets and backups + read-only roles.
- Team collaboration: projects, RBAC, audit logs.
- Optimization: zstd by default, 8x compression.
- Integrations: new storages (R2, Azure, Drive), notifications (Slack, Teams).
- Monitoring: database health checks with alerts.
— Editorial Team
No comments yet.